Python pyramid.security.ALL_PERMISSIONS Examples
The following are 19
code examples of pyramid.security.ALL_PERMISSIONS().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
pyramid.security
, or try the search function
.
.
Example #1
| Source File: wsgi_security.py From channelstream with BSD 3-Clause "New" or "Revised" License | 6 votes |
|
def __init__(self, request):
self.__acl__ = []
config = request.registry.settings
req_url_secret = request.params.get("secret")
req_secret = request.headers.get("x-channelstream-secret", req_url_secret)
addr = request.environ["REMOTE_ADDR"]
if not is_allowed_ip(addr, config):
log.warning("IP: {} is not whitelisted".format(addr))
return
if req_secret:
max_age = 60 if config["validate_requests"] else None
request.registry.signature_checker.unsign(req_secret, max_age=max_age)
else:
return
self.__acl__ = [(Allow, Everyone, ALL_PERMISSIONS)]
Example #2
| Source File: auth.py From ramses with Apache License 2.0 | 6 votes |
|
def create_system_user(config):
log.info('Creating system user')
crypt = cryptacular.bcrypt.BCRYPTPasswordManager()
settings = config.registry.settings
try:
auth_model = config.registry.auth_model
s_user = settings['system.user']
s_pass = str(crypt.encode(settings['system.password']))
s_email = settings['system.email']
defaults = dict(
password=s_pass,
email=s_email,
groups=['admin'],
)
if config.registry.database_acls:
defaults['_acl'] = [(Allow, 'g:admin', ALL_PERMISSIONS)]
user, created = auth_model.get_or_create(
username=s_user, defaults=defaults)
if created:
transaction.commit()
except KeyError as e:
log.error('Failed to create system user. Missing config: %s' % e)
Example #3
| Source File: test_auth.py From ramses with Apache License 2.0 | 6 votes |
|
def test_create_system_user_created(self, mock_crypt, mock_trans):
from ramses import auth
encoder = mock_crypt.bcrypt.BCRYPTPasswordManager()
encoder.encode.return_value = '654321'
config = Mock()
config.registry.settings = {
'system.user': 'user12',
'system.password': '123456',
'system.email': 'user12@example.com',
}
config.registry.auth_model.get_or_create.return_value = (
Mock(), True)
auth.create_system_user(config)
mock_trans.commit.assert_called_once_with()
encoder.encode.assert_called_once_with('123456')
config.registry.auth_model.get_or_create.assert_called_once_with(
username='user12',
defaults={
'password': '654321',
'email': 'user12@example.com',
'groups': ['admin'],
'_acl': [(Allow, 'g:admin', ALL_PERMISSIONS)],
}
)
Example #4
| Source File: test_auth.py From ramses with Apache License 2.0 | 6 votes |
|
def test_create_system_user_exists(self, mock_crypt, mock_trans):
from ramses import auth
encoder = mock_crypt.bcrypt.BCRYPTPasswordManager()
encoder.encode.return_value = '654321'
config = Mock()
config.registry.settings = {
'system.user': 'user12',
'system.password': '123456',
'system.email': 'user12@example.com',
}
config.registry.auth_model.get_or_create.return_value = (1, False)
auth.create_system_user(config)
assert not mock_trans.commit.called
encoder.encode.assert_called_once_with('123456')
config.registry.auth_model.get_or_create.assert_called_once_with(
username='user12',
defaults={
'password': '654321',
'email': 'user12@example.com',
'groups': ['admin'],
'_acl': [(Allow, 'g:admin', ALL_PERMISSIONS)],
}
)
Example #5
| Source File: context.py From muesli with GNU General Public License v3.0 | 6 votes |
|
def __init__(self, request):
exercise_id = request.matchdict['exercise_id']
self.exercise = request.db.query(Exercise).get(exercise_id)
if self.exercise is None:
raise HTTPNotFound(detail='Exercise not found')
self.exam = self.exercise.exam
if 'tutorial_ids' in request.matchdict:
self.tutorial_ids = request.matchdict['tutorial_ids'].split(',')
if len(self.tutorial_ids)==1 and self.tutorial_ids[0]=='':
self.tutorial_ids = []
self.tutorials = []
else:
self.tutorials = request.db.query(Tutorial).filter(Tutorial.id.in_(self.tutorial_ids)).all()
self.__acl__ = [
(Allow, Authenticated, 'view_points'),
(Allow, 'group:administrators', ALL_PERMISSIONS),
]+[(Allow, 'user:{0}'.format(tutor.id), ('statistics')) for tutor in self.exam.lecture.tutors
]+[(Allow, 'user:{0}'.format(assistant.id), ('statistics')) for assistant in self.exam.lecture.assistants
]
Example #6
| Source File: context.py From muesli with GNU General Public License v3.0 | 5 votes |
|
def __init__(self, request):
self.__acl__ = [
(Allow, Everyone, ('view')),
(Allow, 'group:administrators', ALL_PERMISSIONS)
]
Example #7
| Source File: context.py From muesli with GNU General Public License v3.0 | 5 votes |
|
def __init__(self, request):
self.__acl__ = [
(Allow, Authenticated, ('update', 'change_email', 'change_password','view_keys','remove_keys')),
(Allow, 'group:administrators', ALL_PERMISSIONS),
]+[(Allow, 'user:{0}'.format(a.id), 'create_lecture') for a in request.db.query(User).filter(User.is_assistant==1).all()]
Example #8
| Source File: context.py From muesli with GNU General Public License v3.0 | 5 votes |
|
def __init__(self, request):
grading_id = request.matchdict['grading_id']
self.grading = request.db.query(Grading).get(grading_id)
if self.grading is None:
raise HTTPNotFound(detail='Grading not found')
self.__acl__ = [
(Allow, 'group:administrators', ALL_PERMISSIONS),
]+[(Allow, 'user:{0}'.format(assistant.id), ('view', 'edit')) for assistant in self.grading.lecture.assistants]
Example #9
| Source File: context.py From muesli with GNU General Public License v3.0 | 5 votes |
|
def __init__(self, request):
student_id = request.POST['student']
tutorial_id = request.POST['new_tutorial']
self.student = request.db.query(User).get(student_id)
self.tutorial = request.db.query(Tutorial).get(tutorial_id)
if self.student is None:
raise HTTPNotFound(detail='Student not found')
if self.tutorial is None:
raise HTTPNotFound(detail='tutorial not found')
self.__acl__ = [
(Allow, 'group:administrators', ALL_PERMISSIONS),
]+[
(Allow, 'user:{0}'.format(assistant.id), ('move')) for assistant in self.tutorial.lecture.assistants
]
Example #10
| Source File: context.py From muesli with GNU General Public License v3.0 | 5 votes |
|
def __init__(self, request):
exam_id = request.matchdict['exam_id']
self.exam = request.db.query(Exam).get(exam_id)
if self.exam is None:
raise HTTPNotFound(detail='Exam not found')
self.tutorial_ids_str = request.matchdict.get('tutorial_ids', '')
self.tutorials, self.tutorial_ids = getTutorials(request)
self.__acl__ = [
#(Allow, Authenticated, 'view_own_points'),
(Allow, 'group:administrators', ALL_PERMISSIONS),
]+[(Allow, 'user:{0}'.format(tutor.id), ('statistics')) for tutor in self.exam.lecture.tutors
]+[(Allow, 'user:{0}'.format(assistant.id), ('edit', 'view_points', 'enter_points', 'statistics')) for assistant in self.exam.lecture.assistants
]
if self.exam.lecture.tutor_rights == editAllTutorials:
self.__acl__ += [(Allow, 'user:{0}'.format(tutor.id), ('enter_points', 'view_points')) for tutor in self.exam.lecture.tutors]
else:
if self.tutorials:
if self.exam.lecture.tutor_rights == editOwnTutorials:
self.__acl__ += [(Allow, 'user:{0}'.format(tutor.id), ('view_points', 'enter_points')) for tutor in getTutorForTutorials(self.tutorials)]
elif self.exam.lecture.tutor_rights == editNoTutorials:
self.__acl__ += [(Allow, 'user:{0}'.format(tutor.id), ('view_points')) for tutor in getTutorForTutorials(self.tutorials)]
elif self.exam.lecture.tutor_rights == editAllTutorials:
self.__acl__ += [(Allow, 'user:{0}'.format(tutor.id), ('view_points', 'enter_points')) for tutor in self.exam.lecture.tutors]
else: raise ValueError('Tutorrights %s not known' % self.exam.lecture.tutor_rights)
# add exam specific links
if self.exam.lecture is None:
return
if request.has_permission('edit', self):
lecture_root = NavigationTree(self.exam.lecture.name,
request.route_url('lecture_edit', lecture_id=self.exam.lecture.id))
else:
lecture_root = NavigationTree(self.exam.lecture.name,
request.route_url('lecture_view', lecture_id=self.exam.lecture.id))
nodes = get_lecture_specific_nodes(request, self, self.exam.lecture.id)
for node in nodes:
lecture_root.append(node)
request.navigationTree.prepend(lecture_root)
Example #11
| Source File: context.py From muesli with GNU General Public License v3.0 | 5 votes |
|
def __init__(self, request):
confirmation_hash = request.matchdict['confirmation']
self.confirmation = request.db.query(Confirmation).get(confirmation_hash)
if self.confirmation is None:
raise HTTPNotFound(detail='Confirmation not found')
self.__acl__ = [
(Allow, 'group:administrators', ALL_PERMISSIONS),
]
Example #12
| Source File: context.py From muesli with GNU General Public License v3.0 | 5 votes |
|
def __init__(self, request):
source1 = request.GET['source1']
source2 = request.GET['source2']
ids1 = self.get_allowed_ids(source1, request)
ids2 = self.get_allowed_ids(source2, request)
ids = set(ids1).intersection(set(ids2))
self.__acl__ = [
(Allow, 'group:administrators', ALL_PERMISSIONS)
] + [(Allow, 'user:{0}'.format(id), ('correlation')) for id in ids]
Example #13
| Source File: context.py From muesli with GNU General Public License v3.0 | 5 votes |
|
def __init__(self, request):
tutorial_id = request.matchdict.get('tutorial_id', None)
self.__acl__ = [(Allow, Authenticated, ('viewOverview')),
(Allow, 'group:administrators', ALL_PERMISSIONS)]
if tutorial_id is not None:
tutorial = request.db.query(Tutorial).get(tutorial_id)
if tutorial is not None:
lecture = tutorial.lecture
self.__acl__ += [(Allow, 'user:{0}'.format(request.user.id), ('viewAll', 'edit'))] if request.user in lecture.assistants else []
if lecture.tutor_rights == editOwnTutorials:
self.__acl__ += [(Allow, 'user:{0}'.format(request.user.id), ('viewAll'))] if request.user == tutorial.tutor else []
elif lecture.tutor_rights == editAllTutorials:
self.__acl__ += [(Allow, 'user:{0}'.format(request.user.id), ('viewAll'))] if request.user in lecture.tutors else []
Example #14
| Source File: context.py From muesli with GNU General Public License v3.0 | 5 votes |
|
def __init__(self, request):
exam_id = request.matchdict['exam_id']
self.exam = request.db.query(Exam).get(exam_id)
if self.exam is None:
raise HTTPNotFound(detail='Exam not found')
lecture = self.exam.lecture
lecture_students = lecture.students
self.__acl__ = [(Allow, 'group:administrators', ALL_PERMISSIONS)]
if request.user in lecture_students:
self.__acl__ += [(Allow, 'user:{0}'.format(request.user.id), ('view'))]
self.__acl__ += [(Allow, 'user:{0}'.format(request.user.id), ('view', 'edit'))] if request.user in lecture.assistants else []
self.__acl__ += [(Allow, 'user:{0}'.format(request.user.id), ('view'))] if request.user in lecture.tutors else []
Example #15
| Source File: context.py From muesli with GNU General Public License v3.0 | 5 votes |
|
def __init__(self, request):
exercise_id = request.matchdict['exercise_id']
exercise_id = exercise_id.strip("/")
user_id = request.matchdict.get('user_id', None)
self.exercise = request.db.query(Exercise).get(exercise_id)
if self.exercise is None:
raise HTTPBadRequest("Die Angeforderte Übung existiert nicht!")
self.lecture = self.exercise.exam.lecture
student = None
self.user = None
if user_id is not None:
user_id = user_id.strip("/")
self.user = request.db.query(User).get(user_id)
try:
student = request.db.query(LectureStudent).filter(and_(LectureStudent.student_id == self.user.id, LectureStudent.lecture == self.lecture)).one()
except SQLAlchemyError:
student = None
self.__acl__ = [(Allow, 'group:administrators', ALL_PERMISSIONS)]
self.__acl__ += [(Allow, 'user:{0}'.format(request.user.id), ('view', 'viewAll', 'viewOwn'))] if request.user in self.lecture.assistants else []
if request.user == self.user and request.user is not None:
self.__acl__ += [(Allow, 'user:{0}'.format(request.user.id), ('view', 'viewOwn'))]
if self.lecture.tutor_rights == editAllTutorials:
self.__acl__ += [(Allow, 'user:{0}'.format(request.user.id), ('view', 'viewAll', 'viewOwn'))] if request.user == self.lecture.tutors else []
else:
self.__acl__ += [(Allow, 'user:{0}'.format(request.user.id), ('view'))] if request.user in self.lecture.tutors else []
if student is not None:
tutorial = student.tutorial
self.__acl__ += [(Allow, 'user:{0}'.format(request.user.id), ('viewOwn'))] if request.user == tutorial.tutor else []
Example #16
| Source File: context.py From muesli with GNU General Public License v3.0 | 5 votes |
|
def __init__(self, request):
user_id = request.matchdict['user_id']
self.user = request.db.query(User).get(user_id)
if self.user is None:
raise HTTPNotFound(detail='User not found')
self.__acl__ = [
(Allow, 'user:{0}'.format(user_id), ('view')),
(Allow, 'group:administrators', ALL_PERMISSIONS),
]
Example #17
| Source File: wsgi_security.py From channelstream with BSD 3-Clause "New" or "Revised" License | 5 votes |
|
def __init__(self, request):
self.__acl__ = []
user = request.authenticated_userid
if user:
self.__acl__ = [(Allow, Everyone, ALL_PERMISSIONS)]
else:
# try the API auth factory too for server requests
context_obj = APIFactory(request)
self.__acl__ = context_obj.__acl__
Example #18
| Source File: polymorphic.py From nefertari with Apache License 2.0 | 5 votes |
|
def set_collections_acl(self):
""" Calculate and set ACL valid for requested collections.
DENY_ALL is added to ACL to make sure no access rules are
inherited.
"""
acl = [(Allow, 'g:admin', ALL_PERMISSIONS)]
collections = self.get_collections()
resources = self.get_resources(collections)
aces = self._get_least_permissions_aces(resources)
if aces is not None:
for ace in aces:
acl.append(ace)
acl.append(DENY_ALL)
self.__acl__ = tuple(acl)
Example #19
| Source File: context.py From muesli with GNU General Public License v3.0 | 4 votes |
|
def __init__(self, request):
self.tutorial_ids_str = request.matchdict.get('tutorial_ids', request.matchdict.get('tutorial_id', ''))
self.tutorials, self.tutorial_ids = getTutorials(request)
if self.tutorials:
self.lecture = self.tutorials[0].lecture
else:
lecture_id = request.matchdict.get('lecture_id', None)
if lecture_id:
self.lecture = request.db.query(Lecture).get(lecture_id)
else:
self.lecture = None
self.__acl__ = [
(Allow, 'group:administrators', ALL_PERMISSIONS),
]
if self.lecture:
self.__acl__ += [(Allow, 'user:{0}'.format(tutor.id), ('viewOverview', 'take_tutorial', 'mail_tutors')) for tutor in self.lecture.tutors]
self.__acl__ += [((Allow, 'user:{0}'.format(assistant.id), ('viewOverview', 'viewAll', 'sendMail', 'edit', 'remove_student'))) for assistant in self.lecture.assistants]
if self.tutorials:
if self.lecture.tutor_rights == editOwnTutorials:
self.__acl__ += [(Allow, 'user:{0}'.format(tutor.id), ('viewAll', 'remove_student')) for tutor in getTutorForTutorials(self.tutorials)]
elif self.lecture.tutor_rights == editNoTutorials:
#TODO: This has to be a bug?!
self.__acl__ += [(Allow, 'user:{0}'.format(tutor.id), ('viewAll', 'remove_student')) for tutor in getTutorForTutorials(self.tutorials)]
elif self.lecture.tutor_rights == editAllTutorials:
self.__acl__ += [(Allow, 'user:{0}'.format(tutor.id), ('viewAll', 'remove_student')) for tutor in self.lecture.tutors]
else: raise ValueError('Tutorrights %s not known' % self.lecture.tutor_rights)
for tutor in getTutorForTutorials(self.tutorials):
self.__acl__.append((Allow, 'user:{0}'.format(tutor.id), ('sendMail')))
if self.tutorials[0].lecture.mode == 'direct':
self.__acl__.append((Allow, Authenticated, ('subscribe')))
if self.tutorials[0].lecture.mode in ['direct', 'off']:
self.__acl__.append((Allow, Authenticated, ('unsubscribe')))
# add tutorial specific links
if self.lecture is None:
return
if request.has_permission('edit', self):
lecture_root = NavigationTree('Vorlesung: {}'.format(self.lecture.name),
request.route_url('lecture_edit', lecture_id=self.lecture.id))
else:
lecture_root = NavigationTree('Vorlesung: {}'.format(self.lecture.name),
request.route_url('lecture_view', lecture_id=self.lecture.id))
nodes = get_lecture_specific_nodes(request, self, self.lecture.id)
for node in nodes:
lecture_root.append(node)
for tutorial in self.tutorials:
tutorial_root = NavigationTree("{} ({})".format(tutorial.lecture.name, tutorial.time.__html__()),
request.route_url('tutorial_view', tutorial_ids=tutorial.id))
nodes = get_tutorial_specific_nodes(request, self, tutorial.id,
self.lecture.id)
for node in nodes:
tutorial_root.append(node)
if tutorial_root.children:
request.navigationTree.prepend(tutorial_root)
if lecture_root.children:
request.navigationTree.prepend(lecture_root)
